<?php
class RbacCommand extends CConsoleCommand{
    private $_authManager;

    public function getHelp(){
        return <<<EOD
        USAGE
            rbac
        DESCRIPTION
            This command generates an initial RBAC authorization hierarchy.
EOD;
    }

    public function run($args){
        if (($this->_authManager = Yii::app()->authManager) === null){
            echo "Error: an authorization manager named 'authManager' must be configured t ouse this command";
            echo "If you alreaday added 'authManager' please quite an reenter the yiic shell.";
            return;
        }

        echo "This command will create three roles: Author, Editor, Approver & Admin and the following permission:\n";
        echo "create, read, update and delete user\n";
        echo "create, read, update and delete topic\n";
        echo "create, read, update and delete article";
        echo "Would you like to continue? [Yes|No] ";

        if (!strncasecmp(trim(fgets(STDIN)), 'y', 1)){
            $this->_authManager->clearAll();


            //create the lowest level operations for ARTICLE
            $this->_authManager->createOperation("createArticle", "create a new article");
            $this->_authManager->createOperation("updateArticle", "update a new article");
            $this->_authManager->createOperation("readArticle", "read articles");
            $this->_authManager->createOperation("deleteArticle", "delete a article");

            //create advanced level operation for ARTICLE
            $this->_authManager->createOperation("setArticleEdited", "edit an article");
            $this->_authManager->createOperation("setArticleApproved", "approve an article");
            $this->_authManager->createOperation("setArticleArchived", "set an article as archived");
            $this->_authManager->createOperation("setArticleProtected", "set and article as protected");

            //create AUTHOR role and add appropriate permissions as chilren to this role
            $role = $this->_authManager->createRole("author");
            $role->addChild("createArticle");
            $role->addChild("updateArticle");
            $role->addChild("readArticle");


            //create EDITOR role and add appropriate permissions as children to this role
            //as well as AUTHOR role itself, as children
            $role = $this->_authManager->createRole("editor");
            $role->addChild("author");
            $role->addChild("setArticleEdited");

            //create APPROVER role and add appropriate permissions as children to this role
            //as well the editor role itself, as children
            $role = $this->_authManager->createRole("approver");
            $role->addChild("editor");
            $role->addChild("setArticleApproved");
            $role->addChild("setArticleArchived");
            $role->addChild("setArticleProtected");

            //create ADMIN role
            $role = $this->_authManager->createRole("ADMIN");
            $role->addChild("author");
            $role->addChild("editor");
            $role->addChild("approver");
            $role->addChild("deleteArticle");
            
            //assign admin to user admin
            $this->_authManager->assign("ADMIN", 1);


            //provide a message indicating success
            echo "Authrization hierarchy successfully generated.";
        }
    }
}
?>
